| tiêu đề | Sipeed PicoClaw <= 0.2.9 Information Disclosure (CWE-200) |
|---|
| Mô tả | # Technical Details
An information disclosure vulnerability exists in the `exec` command safety guard in `pkg/tools/shell.go` of PicoClaw.
The application fails to apply deny-pattern inspection after a command matches `custom_allow_patterns`. A command matching an allow rule such as `^jq\b` is treated as fully exempt from deny checks, allowing jq programs using `$ENV` or `env` to read process environment variables.
# Vulnerable Code
File: `pkg/tools/shell.go`
Method: `guardCommand`
Why: Sets `explicitlyAllowed = true` when a custom allow regex matches, then skips the deny-pattern loop entirely for that command line.
# Reproduction
1. Configure `custom_allow_patterns` to allow jq, for example `^jq\b`.
2. Configure deny patterns intended to block jq environment access, such as `$env` or `env`.
3. Invoke the `exec` tool with a jq payload that reads environment variables, such as `jq -n '$ENV'`.
4. Observe that the command is executed instead of being blocked and process environment data is disclosed.
# Impact
- Exposes runtime secrets stored in environment variables.
- May disclose API keys, provider credentials, proxy secrets, cloud credentials, and tokens.
- Defeats operator expectations that deny patterns remain enforced for allowlisted binaries. |
|---|
| Nguồn | ⚠️ https://github.com/sipeed/picoclaw/issues/3079 |
|---|
| Người dùng | Eric-d (UID 96861) |
|---|
| Đệ trình | 09/06/2026 12:16 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 09/07/2026 20:07 (1 month later) |
|---|
| Trạng thái | Bản sao |
|---|
| Mục VulDB | 366374 [PicoClaw đến 0.1.2 ExecTool pkg/tools/shell.go guardCommand nâng cao đặc quyền] |
|---|
| điểm | 0 |
|---|